From: Matthias Fischer <matthias.fischer@ipfire.org>
Date: Wed, 19 Mar 2025 16:16:22 +0000 (+0100)
Subject: suricata: Update to 7.0.9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7b333a241306273599367c946c00ea6f5b3920b2;p=people%2Fms%2Fipfire-2.x.git

suricata: Update to 7.0.9

Excerpt from changelog:
"7.0.9 -- 2025-03-18

Security #7616: datasets: hashsize setting via rules can cause high
memory usage (7.0.x backport)(MODERATE - CVE 2025-29916)

Security #7614: decode_base64: signature can do large memory
allocation (7.0.x backport)(HIGH - CVE 2025-29917)

Security #7527: detect: infinite loop with negated pcre and indefinite
recursion limit setting (7.0.x backport)(HIGH - CVE 2025-29918)

Security #7459: af-packet: defrag option can lead to truncated packets
(7.0.x backport)(HIGH - CVE 2025-29915)

Bug #7581: detect: missing file.data matches without filestore (7.0.x
backport)

Bug #7561: detect: integer underflow with krb5.ticket_encryption (7.0.x
backport)

Bug #7557: quic: valid traffic blocked in IPS mode (7.0.x backport)

Bug #7555: tls: parser error on unACK'd data in FIN shutdown (7.0.x
backport)

Bug #7553: applayer: misdetection if response is seen first without
request (7.0.x backport)

Bug #7496: detect: protocol probing doesn't finish earlier if opposite
dir already had a protocol  (7.0.x backport)

Bug #7493: flow/var: memory leak in lua extension (7.0.x backport)
Bug #7468: detect: checksum detection broken by stream.checksum-validation
(7.0.x backport)

Bug #7460: eve: empty src_ip and dest_ip values may be logged

Bug #7448: log/file: nullptr dereference if file was opened more than once
(7.0.x backport)

Bug #7431: flow: multiple Flow Managers scan wrong hash slices (7.0.x
backport)

Bug #7428: tcp: GAP event set on unack'd data following a RST (7.0.x
backport)

Optimization #7088: applayer: track modified transactions to avoid walking
all live transactions (7.0.x backport)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/lfs/suricata b/lfs/suricata
index 2b05c3c54..56733125d 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 7.0.8
+VER        = 7.0.9
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 8571a6368b90e18046cdcf71f53e1b59e895ea8fe2d8f996ef614a890b520671f5dcac10014555880e408060913df1dab4c473bf083e7c0451c6a4b93bedd047
+$(DL_FILE)_BLAKE2 = fe01a304b170cf210b3ad2c782c6a49798c67df5433498715101ba626548395a70793a50221390f6697d1aef2be1808ba430091dae097e350dd2a9c98677a61b
 
 install : $(TARGET)